Red Hat Bugzilla – Bug 88136
redhat-config-security level interface is confusing
Last modified: 2007-04-18 12:52:48 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.7 (X11; Linux i686; U;) Gecko/20030131
Description of problem:
If, like me, one does not understand very much about firewalls, the UI of
redhat-config-securitylevel is a little confusing: if you select "Customize"
instead of "Use default firewall rules", which takes precedence - "Trusted
devices" or "Allow incoming"?
Take this scenario: I don't want any connections from outside at all, but I run
VMware and want VMs to be able to access Apache on the host without allowing
HTTP requests from outside my machine to be allowed. If eth0 is not selected as
a trusted device but HTTP is selected for allow incoming, and an HTTP request
comes from eth0, which wins out? Similarly, if vmnet0 is selected as a trusted
device but HTTP is not selected for allow incoming, and an HTTP request comes
from vmnet0, what happens?
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Start redhat-config-securitylevel
2. Select Customize
3. Become confused
Actual Results: Nagging worry that I have opened a giant security hole in my
Expected Results: Warm fuzzy feeling and sense of well-being that my firewall
is configured correctly
88388 is closed, but says a similar thing.
In general, the "Customize" part of any user interface assumes that the user
knows enough to make manual changes to override the default settings.
I think that the documentation for this tool adequately explains the choices
that the "Customize" mode presents.
I agree that the user interface layout could be improved. However, there's only
so much that the interface can do to explain a concept as complicated as
firewalls to a user who is not familiar with them.